Security Basics mailing list archives
Re: security products
From: Meenal Mukadam <meenal.mukadam () gmail com>
Date: Thu, 19 Feb 2009 11:40:56 +0530
Hi Juan, You can have different mechanisms in place. Few are as follows: 1) Password protection: You can have password protection. Password can be given to only those who need the content. But: Such passwords can be easily broken. So if the information is very critical, avoid using this method. 2) Documents can be encrypted. Mr. Shreyas has covered it well in his great response. 3) Access controls: Data compartmentalization can be used. Wherein the Information assets can be clearly classified. They can be profiled. Resource and privilege allocation can be decided accordingly. 4) Policy based controls: When documents are placed in a central repository you can have a mechanism to watermark them. Usage and disclosure can be controlled by having confidentiality agreements, policy and procedures for the usage (viewing, modifying, updating, deleting....). For example if the document is watermarked 'Confidential' the confidentiality agreement, usage policy and procedures document would dictate the appropriate usage, and also what would be the consequences if they weren't followed. (Trust me when I say that when the consequences are grave only a highly motivated individual would try and leak the individual). 5) Logs: You can log various events relating to document usage. But only this wont help. You even have to make sure that the employees know that their document usage is being monitored. Again consequences have to be clearly stated and dictated in case of non compliance (with the company's procedures). 6) Anti-malwares: Have a good anti-malware software in place to prevent infections (especially to safeguard against spywares). 7) Awareness/Training: Conduct Awareness and Training programs to educate employees to prevent even accidental leakage of information. You can even combine two three of these mechanisms together to improve the overall security mechanism for securing the documents. Hope this answers your question. Regards, Meenal A. Mukadam On Wed, Feb 18, 2009 at 10:42 PM, Juan Pablo Macias <jpmacias () gmail com> wrote:
Hi everybody. A friend asked for my advice, so now i ask the experts. He has a windows network with many shared excel files. Some of them have sensitive information, information about his clients, but all of them are required to be shared. Each share is password protected. He is worried that, for example, one of his employees takes an important file from the shared network and sells it. Is there a way, in this scenario, to control who can access what? or to avoid copying files away from the shared pc, or to allow to make changes, but not to copy the file to another location? A possible solution would be to password protect or encrypt the files, but i don't think it would be be feasible it talking about some hundred files. Is there software that already takes care or this? In the long term, my suggestion would be to put all excel files into a formal database and implement access control there, maybe even a web application. What are your suggestions? Thanks in advance. Juan Pablo -- To follow the path, look to the master, follow the master, walk with the master, see through the master, become the master
-- Meenal A. Mukadam ----------------------------------------------------------------- http://www.linkedin.com/in/meenalmukadam ----------------------------------------------------------------- Far away there in the sunshine are my highest aspirations. I may/maynot reach them, but I can look up and see their beauty, believe in them and try to follow where they lead -------------------------------------------------------------
Current thread:
- Re: security products, (continued)
- Re: security products Quentin Chung@Programmer (Feb 18)
- Re: security products Isaac Perez Moncho (Feb 18)
- Re: security products Javier Reyna (Feb 18)
- Re: security products Shreyas Zare (Feb 18)
- Re: security products Juan Pablo Macias (Feb 18)
- RE: security products darin.franklin (Feb 18)
- Re: security products Francesc Vila (Feb 18)
- Re: security products Rainer Giedat (Feb 18)
- Re: security products Melvin (Feb 19)
- RE: security products Rajagopalan Raman (Feb 19)
- Re: security products Meenal Mukadam (Feb 19)
- Re: Re: security products dan . crowley (Feb 19)
- Re: security products rohnskii (Feb 19)
- Re: security products praveen_recker (Feb 19)
- Re: security products Juan Pablo Macias (Feb 19)
- Re: Re: Re: security products chmod1777 (Feb 19)